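# Renders a Nomad job (JSON API shape) that serves one static site:
# the task downloads sites/<domain>/<siteHash>.tar.gz from S3, unpacks it into
# /var/www and serves it on port 8080 behind Traefik.
#
# Inputs come from the evaluating process's environment:
#   DOMAIN, SITE_HASH, SERVER_IMAGE, DATACENTER, S3_BUCKET
let
  # Reads environment variable `name` and aborts evaluation when it is empty
  # or, if `pattern` is not null, when the whole value does not match it.
  # builtins.getEnv returns "" for an unset variable, which would otherwise
  # render a job with ID "site-" and an S3 path with empty segments.
  requireEnv = name: pattern:
    let
      value = builtins.getEnv name;
    in
    if value == "" then
      throw "${name} is empty or unset; it must be provided in the environment"
    else if pattern != null && builtins.match pattern value == null then
      throw "${name} must match ${pattern}"
    else
      value;

  # DOMAIN, SITE_HASH and S3_BUCKET are spliced into a `bash -c` string, and
  # DOMAIN also into a backtick-delimited Traefik rule. Restricting them to a
  # conservative character set keeps shell metacharacters, whitespace, quotes
  # and backticks out of both contexts.
  safeToken = "[A-Za-z0-9][A-Za-z0-9._-]*";
  domain = requireEnv "DOMAIN" "[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?";
  siteHash = requireEnv "SITE_HASH" safeToken;
  s3Bucket = requireEnv "S3_BUCKET" safeToken;

  # These two only appear as JSON string values, so they are checked for
  # presence only.
  serverImage = requireEnv "SERVER_IMAGE" null;
  datacenter = requireEnv "DATACENTER" null;

  # Job/service/router identifier: the domain with dots replaced by hyphens.
  jobId = "site-" + builtins.replaceStrings [ "." ] [ "-" ] domain;

  # Shell pipeline run as the container command.
  # NOTE(review): SITE_HASH only selects the object key here; nothing in this
  # command verifies the downloaded archive against a digest. If SITE_HASH is
  # meant to be a content hash, confirm it is checked before extraction.
  # NOTE(review): the pipeline runs without `set -o pipefail`, so the exit
  # status of `aws s3 cp` is ignored; a failed download only stops startup if
  # tar itself fails on the truncated stream.
  startupCmd =
    "mkdir -p /var/www && "
    + "aws s3 cp s3://${s3Bucket}/sites/${domain}/${siteHash}.tar.gz - "
    + "| tar xz -C /var/www/ && "
    + "exec static-web-server --port 8080 --root /var/www";

  # Nomad template rendered into the task's secrets directory and exported as
  # environment variables (Envvars = true below).
  # NOTE(review): because of `exec`, the long-running web server inherits the
  # S3 credentials in its environment even though only the download step
  # needs them. Consider unsetting them before the exec and scoping the
  # variable path and the S3 key to read-only access for this site.
  templateData =
    "{{ with nomadVar \"nomad/jobs\" }}"
    + "AWS_ACCESS_KEY_ID={{ .access_key }}\n"
    + "AWS_SECRET_ACCESS_KEY={{ .secret_key }}\n"
    + "AWS_ENDPOINT_URL={{ .endpoint }}\n"
    + "{{ end }}";

  job = {
    Job = {
      ID = jobId;
      Name = jobId;
      Namespace = "static-sites";
      Type = "service";
      Datacenters = [ datacenter ];

      # Durations in the Nomad JSON API are nanoseconds.
      Update = {
        MinHealthyTime = 5000000000; # 5s
        HealthyDeadline = 60000000000; # 60s
        MaxParallel = 1;
      };

      TaskGroups = [
        {
          Name = "site";
          Count = 1;

          # Dynamic host port mapped to the server's port 8080.
          Networks = [
            {
              DynamicPorts = [
                {
                  Label = "http";
                  To = 8080;
                }
              ];
            }
          ];

          Services = [
            {
              Name = jobId;
              Provider = "nomad";
              PortLabel = "http";
              # Traefik routes Host(<domain>) on the websecure entrypoint with
              # a certificate from the "letsencrypt" resolver.
              Tags = [
                "traefik.enable=true"
                "traefik.http.routers.${jobId}.rule=Host(`${domain}`)"
                "traefik.http.routers.${jobId}.entrypoints=websecure"
                "traefik.http.routers.${jobId}.tls.certresolver=letsencrypt"
              ];
              Checks = [
                {
                  Type = "http";
                  Path = "/";
                  Interval = 5000000000; # 5s
                  Timeout = 5000000000; # 5s
                }
              ];
            }
          ];

          Tasks = [
            {
              Name = "server";
              Driver = "docker";
              Config = {
                image = serverImage;
                command = "/bin/bash";
                args = [ "-c" startupCmd ];
                ports = [ "http" ];
              };
              Templates = [
                {
                  EmbeddedTmpl = templateData;
                  DestPath = "secrets/s3.env";
                  Envvars = true;
                }
              ];
              Resources = {
                CPU = 100;
                MemoryMB = 128;
              };
            }
          ];
        }
      ];
    };
  };
in
builtins.toJSON job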